Denial of service in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4)



Published: 2022-09-20
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-0778
CWE-ID: CWE-835
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
HPE StoreEasy 3840 Gateway Storage Blade
Hardware solutions / Firmware

HPE StoreEasy 3840 Gateway Storage
Hardware solutions / Firmware

HPE StoreEasy 3830 Gateway Storage Blade
Hardware solutions / Firmware

HPE StoreEasy 3830 Gateway Storage
Hardware solutions / Firmware

HPE StoreEasy 1840 Storage
Hardware solutions / Firmware

HPE StoreEasy 1830 Storage
Hardware solutions / Firmware

HPE StoreEasy 1640 Storage
Hardware solutions / Firmware

HPE StoreEasy 1630 Storage
Hardware solutions / Firmware

HPE StoreEasy 1540 Storage
Hardware solutions / Firmware

HPE StoreEasy 1530 Storage
Hardware solutions / Firmware

HPE StoreEasy 1440 Storage
Hardware solutions / Firmware

HPE StoreEasy 1430 Storage
Hardware solutions / Firmware

HPE StoreEasy 3850 Gateway Storage Blade
Hardware solutions / Firmware

HPE StoreEasy 3850 Gateway Single Node Upgrade
Hardware solutions / Firmware

HPE StoreEasy 1650 Expanded Storage
Hardware solutions / Firmware

HPE 3PAR StoreServ File Controller v3 System
Hardware solutions / Firmware

HPE 3PAR StoreServ File Controller v2 Storage
Hardware solutions / Firmware

HPE 3PAR StoreServ File Controller
Hardware solutions / Firmware

HPE ProLiant WS460c Gen8 Graphics Server Blade
Hardware solutions / Firmware

HPE ProLiant WS460c Gen9 Graphics Server Blade
Hardware solutions / Firmware

HPE ProLiant ML110 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL220a Gen8 v2 Server
Hardware solutions / Firmware

HPE ProLiant XL230b Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL270d Gen9 Special Server
Hardware solutions / Firmware

HPE ProLiant SL210t Gen8 Server
Hardware solutions / Firmware

HPE ProLiant SL230s Gen8 Server
Hardware solutions / Firmware

HPE ProLiant SL250s Gen8 Server
Hardware solutions / Firmware

HPE ProLiant SL270s Gen8 SE Server
Hardware solutions / Firmware

HPE ProLiant SL270s Gen8 Server
Hardware solutions / Firmware

HPE ProLiant ML310e Gen8 Server
Hardware solutions / Firmware

HPE ProLiant ML350e Gen8 Server
Hardware solutions / Firmware

HPE ProLiant ML350e Gen8 v2 Server
Hardware solutions / Firmware

HPE ProLiant ML350p Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL60 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL80 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL120 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL160 Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL160 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL320e Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL320e Gen8 v2 Server
Hardware solutions / Firmware

HPE ProLiant DL360e Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL360p Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL380e Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL380p Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL380 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL385p Gen8 (AMD)
Hardware solutions / Firmware

HPE ProLiant DL560 Gen8 Server
Hardware solutions / Firmware

HPE ProLiant DL580 Gen8 Server
Hardware solutions / Firmware

HPE ProLiant BL420c Gen8 Server
Hardware solutions / Firmware

HPE ProLiant BL460c Gen8 Server Blade
Hardware solutions / Firmware

HPE ProLiant BL460c Gen9 Server Blade
Hardware solutions / Firmware

HPE ProLiant BL465c Gen8 Server Blade
Hardware solutions / Firmware

HPE ProLiant BL660c Gen8 Server Blade
Hardware solutions / Firmware

HPE ProLiant BL660c Gen9 Server
Hardware solutions / Firmware

HPE Apollo r2000 Chassis
Hardware solutions / Firmware

HPE Apollo r2200 Gen10 12 LFF Configure-to-order Chassis
Hardware solutions / Firmware

HPE Apollo r2600 Gen10 24 SFF Premium Configure-to-order Chassis
Hardware solutions / Firmware

HPE Apollo n2600 Gen10 Plus
Hardware solutions / Firmware

HPE Apollo r2800 Gen10 24 SFF Flexible Configure-to-order Chassis
Hardware solutions / Firmware

HPE Apollo n2800 Gen10 Plus
Hardware solutions / Firmware

HPE Apollo 4200 Gen10 Server
Hardware solutions / Firmware

HPE Apollo 4200 Gen10 Plus System
Hardware solutions / Firmware

HPE Apollo 4510 Gen10 System
Hardware solutions / Firmware

HPE Apollo 6500 Gen10 System
Hardware solutions / Firmware

HPE Apollo 6500 Gen10 Plus System
Hardware solutions / Firmware

HPE Edgeline e920t Server Blade
Hardware solutions / Firmware

HPE Edgeline e920d Server Blade
Hardware solutions / Firmware

HPE Edgeline e920 Server Blade
Hardware solutions / Firmware

HPE ProLiant e910t Server Blade
Hardware solutions / Firmware

HPE ProLiant e910 Server Blade
Hardware solutions / Firmware

HPE ProLiant XL220n Gen10 Plus Server
Hardware solutions / Firmware

HPE ProLiant XL225n Gen10 Plus 1U Node
Hardware solutions / Firmware

HPE ProLiant XL270d Gen10 Server
Hardware solutions / Firmware

HPE ProLiant XL290n Gen10 Plus Server
Hardware solutions / Firmware

HPE ProLiant XL645d Gen10 Plus Server
Hardware solutions / Firmware

HPE ProLiant XL675d Gen10 Plus Server
Hardware solutions / Firmware

HPE StoreEasy 1860 Storage
Hardware solutions / Firmware

HPE StoreEasy 1860 Performance Storage
Hardware solutions / Firmware

HPE StoreEasy 1660 Storage
Hardware solutions / Firmware

HPE StoreEasy 1660 Performance Storage
Hardware solutions / Firmware

HPE StoreEasy 1660 Expanded Storage
Hardware solutions / Firmware

HPE StoreEasy 1560 Storage
Hardware solutions / Firmware

HPE StoreEasy 1460 Storage
Hardware solutions / Firmware

HPE Storage Performance File Controller
Hardware solutions / Firmware

HPE Storage File Controller
Hardware solutions / Firmware

HPE ProLiant ML30 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant ML30 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DX4200 Gen10 server
Hardware solutions / Firmware

HPE ProLiant DX560 Gen10 server
Hardware solutions / Firmware

HPE ProLiant DX385 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DX385 Gen10 Plus v2 server
Hardware solutions / Firmware

HPE ProLiant DX380 Gen10 server
Hardware solutions / Firmware

HPE ProLiant DX380 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DX360 Gen10 server
Hardware solutions / Firmware

HPE ProLiant DX360 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DX325 Gen10 Plus v2 server
Hardware solutions / Firmware

HPE ProLiant DX220n Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DX190r Gen10 server
Hardware solutions / Firmware

HPE ProLiant DX170r Gen10 server
Hardware solutions / Firmware

HPE ProLiant DL20 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL20 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DL325 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL325 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DL345 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DL360 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DL365 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DL380 Gen10 Plus server
Hardware solutions / Firmware

HPE ProLiant DL385 Gen10 Plus v2 server
Hardware solutions / Firmware

HPE ProLiant DL385 Gen10 Plus server
Hardware solutions / Firmware

HP ConvergedSystem 700x
Hardware solutions / Firmware

HP ConvergedSystem 700
Hardware solutions / Firmware

HPE StoreEasy 1850 Storage
Hardware solutions / Firmware

HPE StoreEasy 3850 Gateway Storage
Hardware solutions / Firmware

HPE StoreEasy 1650 Storage
Hardware solutions / Firmware

HPE StoreEasy 1550 Storage
Hardware solutions / Firmware

HPE StoreEasy 1450 Storage
Hardware solutions / Firmware

HPE StoreVirtual 3000 File Controller
Hardware solutions / Firmware

HPE ProLiant ML310e Gen8 v2 Server
Hardware solutions / Firmware

HPE ProLiant MicroServer Gen8
Hardware solutions / Firmware

HPE ProLiant DL580 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL180 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL190r Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL250a Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL20 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant ML30 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL560 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant ML350 Gen9 Server
Hardware solutions / Firmware

HPE Apollo 4200 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL450 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant DL360 Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL170r Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL750f Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL740f Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL230a Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL730f Gen9 Server
Hardware solutions / Firmware

HPE ProLiant XL230k Gen10 Server
Hardware solutions / Firmware

HPE ProLiant XL190r Gen10 Server
Hardware solutions / Firmware

HPE ProLiant BL460c Gen10 Server Blade
Hardware solutions / Firmware

HPE ProLiant XL170r Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL385 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant XL450 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant ML350 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL120 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL560 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL580 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant ML110 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL360 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL160 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL180 Gen10 Server
Hardware solutions / Firmware

HPE ProLiant DL380 Gen10 Server
Hardware solutions / Firmware

HPE Integrated Lights-Out 4 (iLO 4)
Hardware solutions / Firmware

HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
Hardware solutions / Firmware

Vendor: HPE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause a denial of service condition.
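The two encodings named in the description can be recognised from the key's DER bytes without performing any elliptic-curve arithmetic. The following is an added example (not part of the bulletin, and not HPE or OpenSSL code) that classifies a DER SubjectPublicKeyInfo and flags anything other than a named curve with an uncompressed point; the accept policy, the function names and the sample keys (placeholder coordinates, not real curve points) are assumptions made for illustration.

```python
# Added example: classify curve-parameter and point encoding of an EC public key.
EC_PUBKEY_OID = bytes.fromhex("2a8648ce3d0201")   # id-ecPublicKey, 1.2.840.10045.2.1
P256_OID = bytes.fromhex("2a8648ce3d030107")      # prime256v1, used by the samples
POINT_FORMS = {0x02: "compressed", 0x03: "compressed", 0x04: "uncompressed",
               0x06: "hybrid", 0x07: "hybrid"}
PARAM_KINDS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def classify_ec_spki(spki):
    """Return (params_kind, point_form); ValueError on non-EC or malformed input."""
    tag, body, _ = read_tlv(spki)               # SubjectPublicKeyInfo SEQUENCE
    atag, alg, key_pos = read_tlv(body)         # AlgorithmIdentifier SEQUENCE
    otag, oid, param_pos = read_tlv(alg)        # algorithm OID
    if (tag, atag, otag) != (0x30, 0x30, 0x06) or oid != EC_PUBKEY_OID:
        raise ValueError("not an EC SubjectPublicKeyInfo")
    param_tag, _, _ = read_tlv(alg, param_pos)  # OID = named curve, SEQUENCE = explicit
    ktag, bits, _ = read_tlv(body, key_pos)     # BIT STRING: unused-bits byte + point
    if ktag != 0x03 or len(bits) < 2 or bits[0] != 0:
        raise ValueError("malformed EC point BIT STRING")
    return PARAM_KINDS.get(param_tag, "unknown"), POINT_FORMS.get(bits[1], "unknown")

def needs_review(spki):
    # Assumed policy: only a named curve with an uncompressed point passes unflagged.
    return classify_ec_spki(spki) != ("named", "uncompressed")

def der(tag, value):
    """Encode a short DER element (sample construction only, value < 128 bytes)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def sample_spki(params, point):
    alg = der(0x30, der(0x06, EC_PUBKEY_OID) + params)
    return der(0x30, alg + der(0x03, b"\x00" + point))

# Constructed samples: X and Y are placeholder bytes, and the "explicit" parameters
# are an empty stand-in SEQUENCE holding only a version INTEGER.
X, Y = bytes(range(1, 33)), bytes(range(33, 65))
SAMPLES = {
    "named+uncompressed": sample_spki(der(0x06, P256_OID), b"\x04" + X + Y),
    "named+compressed": sample_spki(der(0x06, P256_OID), b"\x02" + X),
    "explicit+compressed": sample_spki(der(0x30, der(0x02, b"\x01")), b"\x03" + X),
}

if __name__ == "__main__":
    for name, spki in SAMPLES.items():
        print(name, classify_ec_spki(spki), "review" if needs_review(spki) else "ok")
```

The classifier only reads tags and the leading point octet, so it can run on a host whose TLS library has not yet been updated.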

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

HPE StoreEasy 3840 Gateway Storage Blade: All versions

HPE StoreEasy 3840 Gateway Storage: All versions

HPE StoreEasy 3830 Gateway Storage Blade: All versions

HPE StoreEasy 3830 Gateway Storage: All versions

HPE StoreEasy 1840 Storage: All versions

HPE StoreEasy 1830 Storage: All versions

HPE StoreEasy 1640 Storage: All versions

HPE StoreEasy 1630 Storage: All versions

HPE StoreEasy 1540 Storage: All versions

HPE StoreEasy 1530 Storage: All versions

HPE StoreEasy 1440 Storage: All versions

HPE StoreEasy 1430 Storage: All versions

HPE StoreEasy 3850 Gateway Storage Blade: All versions

HPE StoreEasy 3850 Gateway Single Node Upgrade: All versions

HPE StoreEasy 1650 Expanded Storage: All versions

HPE 3PAR StoreServ File Controller v3 System: All versions

HPE 3PAR StoreServ File Controller v2 Storage: All versions

HPE 3PAR StoreServ File Controller: All versions

HPE ProLiant WS460c Gen8 Graphics Server Blade: All versions

HPE ProLiant WS460c Gen9 Graphics Server Blade: All versions

HPE ProLiant ML110 Gen9 Server: All versions

HPE ProLiant XL220a Gen8 v2 Server: All versions

HPE ProLiant XL230b Gen9 Server: All versions

HPE ProLiant XL270d Gen9 Special Server: All versions

HPE ProLiant SL210t Gen8 Server: All versions

HPE ProLiant SL230s Gen8 Server: All versions

HPE ProLiant SL250s Gen8 Server: All versions

HPE ProLiant SL270s Gen8 SE Server: All versions

HPE ProLiant SL270s Gen8 Server: All versions

HPE ProLiant ML310e Gen8 Server: All versions

HPE ProLiant ML350e Gen8 Server: All versions

HPE ProLiant ML350e Gen8 v2 Server: All versions

HPE ProLiant ML350p Gen8 Server: All versions

HPE ProLiant DL60 Gen9 Server: All versions

HPE ProLiant DL80 Gen9 Server: All versions

HPE ProLiant DL120 Gen9 Server: All versions

HPE ProLiant DL160 Gen8 Server: All versions

HPE ProLiant DL160 Gen9 Server: All versions

HPE ProLiant DL320e Gen8 Server: All versions

HPE ProLiant DL320e Gen8 v2 Server: All versions

HPE ProLiant DL360e Gen8 Server: All versions

HPE ProLiant DL360p Gen8 Server: All versions

HPE ProLiant DL380e Gen8 Server: All versions

HPE ProLiant DL380p Gen8 Server: All versions

HPE ProLiant DL380 Gen9 Server: All versions

HPE ProLiant DL385p Gen8 (AMD): All versions

HPE ProLiant DL560 Gen8 Server: All versions

HPE ProLiant DL580 Gen8 Server: All versions

HPE ProLiant BL420c Gen8 Server: All versions

HPE ProLiant BL460c Gen8 Server Blade: All versions

HPE ProLiant BL460c Gen9 Server Blade: All versions

HPE ProLiant BL465c Gen8 Server Blade: All versions

HPE ProLiant BL660c Gen8 Server Blade: All versions

HPE ProLiant BL660c Gen9 Server: All versions

HPE Apollo r2000 Chassis: All versions

HPE Apollo r2200 Gen10 12 LFF Configure-to-order Chassis: All versions

HPE Apollo r2600 Gen10 24 SFF Premium Configure-to-order Chassis: All versions

HPE Apollo n2600 Gen10 Plus: All versions

HPE Apollo r2800 Gen10 24 SFF Flexible Configure-to-order Chassis: All versions

HPE Apollo n2800 Gen10 Plus: All versions

HPE Apollo 4200 Gen10 Server: All versions

HPE Apollo 4200 Gen10 Plus System: All versions

HPE Apollo 4510 Gen10 System: All versions

HPE Apollo 6500 Gen10 System: All versions

HPE Apollo 6500 Gen10 Plus System: All versions

HPE Edgeline e920t Server Blade: All versions

HPE Edgeline e920d Server Blade: All versions

HPE Edgeline e920 Server Blade: All versions

HPE ProLiant e910t Server Blade: All versions

HPE ProLiant e910 Server Blade: All versions

HPE ProLiant XL220n Gen10 Plus Server: All versions

HPE ProLiant XL225n Gen10 Plus 1U Node: All versions

HPE ProLiant XL270d Gen10 Server: All versions

HPE ProLiant XL290n Gen10 Plus Server: All versions

HPE ProLiant XL645d Gen10 Plus Server: All versions

HPE ProLiant XL675d Gen10 Plus Server: All versions

HPE StoreEasy 1860 Storage: All versions

HPE StoreEasy 1860 Performance Storage: All versions

HPE StoreEasy 1660 Storage: All versions

HPE StoreEasy 1660 Performance Storage: All versions

HPE StoreEasy 1660 Expanded Storage: All versions

HPE StoreEasy 1560 Storage: All versions

HPE StoreEasy 1460 Storage: All versions

HPE Storage Performance File Controller: All versions

HPE Storage File Controller: All versions

HPE ProLiant ML30 Gen10 Server: All versions

HPE ProLiant ML30 Gen10 Plus server: All versions

HPE ProLiant DX4200 Gen10 server: All versions

HPE ProLiant DX560 Gen10 server: All versions

HPE ProLiant DX385 Gen10 Plus server: All versions

HPE ProLiant DX385 Gen10 Plus v2 server: All versions

HPE ProLiant DX380 Gen10 server: All versions

HPE ProLiant DX380 Gen10 Plus server: All versions

HPE ProLiant DX360 Gen10 server: All versions

HPE ProLiant DX360 Gen10 Plus server: All versions

HPE ProLiant DX325 Gen10 Plus v2 server: All versions

HPE ProLiant DX220n Gen10 Plus server: All versions

HPE ProLiant DX190r Gen10 server: All versions

HPE ProLiant DX170r Gen10 server: All versions

HPE ProLiant DL20 Gen10 Server: All versions

HPE ProLiant DL20 Gen10 Plus server: All versions

HPE ProLiant DL325 Gen10 Server: All versions

HPE ProLiant DL325 Gen10 Plus server: All versions

HPE ProLiant DL345 Gen10 Plus server: All versions

HPE ProLiant DL360 Gen10 Plus server: All versions

HPE ProLiant DL365 Gen10 Plus server: All versions

HPE ProLiant DL380 Gen10 Plus server: All versions

HPE ProLiant DL385 Gen10 Plus v2 server: All versions

HPE ProLiant DL385 Gen10 Plus server: All versions

HP ConvergedSystem 700x: All versions

HP ConvergedSystem 700: All versions

HPE StoreEasy 1850 Storage: All versions

HPE StoreEasy 3850 Gateway Storage: All versions

HPE StoreEasy 1650 Storage: All versions

HPE StoreEasy 1550 Storage: All versions

HPE StoreEasy 1450 Storage: All versions

HPE StoreVirtual 3000 File Controller: All versions

HPE ProLiant ML310e Gen8 v2 Server: All versions

HPE ProLiant MicroServer Gen8: All versions

HPE ProLiant DL580 Gen9 Server: All versions

HPE ProLiant DL180 Gen9 Server: All versions

HPE ProLiant XL190r Gen9 Server: All versions

HPE ProLiant XL250a Gen9 Server: All versions

HPE ProLiant DL20 Gen9 Server: All versions

HPE ProLiant ML30 Gen9 Server: All versions

HPE ProLiant DL560 Gen9 Server: All versions

HPE ProLiant ML350 Gen9 Server: All versions

HPE Apollo 4200 Gen9 Server: All versions

HPE ProLiant XL450 Gen9 Server: All versions

HPE ProLiant DL360 Gen9 Server: All versions

HPE ProLiant XL170r Gen9 Server: All versions

HPE ProLiant XL750f Gen9 Server: All versions

HPE ProLiant XL740f Gen9 Server: All versions

HPE ProLiant XL230a Gen9 Server: All versions

HPE ProLiant XL730f Gen9 Server: All versions

HPE ProLiant XL230k Gen10 Server: All versions

HPE ProLiant XL190r Gen10 Server: All versions

HPE ProLiant BL460c Gen10 Server Blade: All versions

HPE ProLiant XL170r Gen10 Server: All versions

HPE ProLiant DL385 Gen10 Server: All versions

HPE ProLiant XL450 Gen10 Server: All versions

HPE ProLiant ML350 Gen10 Server: All versions

HPE ProLiant DL120 Gen10 Server: All versions

HPE ProLiant DL560 Gen10 Server: All versions

HPE ProLiant DL580 Gen10 Server: All versions

HPE ProLiant ML110 Gen10 Server: All versions

HPE ProLiant DL360 Gen10 Server: All versions

HPE ProLiant DL160 Gen10 Server: All versions

HPE ProLiant DL180 Gen10 Server: All versions

HPE ProLiant DL380 Gen10 Server: All versions

HPE Integrated Lights-Out 4 (iLO 4): before 2.81

HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.72

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04366en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


